The DAO hack - what happened and what followed?

2 years ago | Emma Avon

In 2016, a grand idea made its way onto the Ethereum network. The Decentralized Autonomous Organization (The DAO) was created to operate like a venture capital fund for decentralized cryptocurrency projects. The DAO was built as a smart contract on the Ethereum blockchain and had a creation period that allowed investors to send Ether to a wallet address in exchange for DAO tokens, with 1 Ether worth 100 DAO tokens. The DAO managed to attract approximately $150M worth of Ether, turning it into the biggest crowdfunding event ever seen in the cryptocurrency space.

The DAO

The DAO was a complex smart contract with a focus on fair, decentralized operations. To allow investors to leave the organization in the case of a disagreement, The DAO was created with an exit, or ‘split function’. This function allowed users to reverse their participation and have the Ether they had sent to The DAO returned. If someone wanted to leave The DAO, they would create their own Child DAOs, wait 28 days and then approve their proposal to send Ether to another address.

During its early days of operation there were warnings of security issues and even a community call for a moratorium. However, most of the security issues were not solved.

The Hack

On June 18, it was noticed that funds were leaving The DAO and the Ether balance of the smart contract was being drained. Around 3.6M Ether, worth approximately $70M, was drained by a hacker in a few hours. The hacker was able to get The DAO smart contract to return Ether multiple times before it could update its own balance. Two main flaws allowed this to take place. First, the smart contract sent the Ether and only then updated the internal token balance. Second, The DAO coders had failed to consider the possibility of a recursive call that could act in such a way.
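The ordering flaw described above can be reproduced in a small Python model, shown next to the corrected order (update the ledger, then send). This is an added example, not The DAO's contract code; `Vault`, `Recipient`, `run` and the amounts are hypothetical names and constructed values.

```python
# Toy model (constructed for illustration; not The DAO's Solidity code).
# Vault, Recipient and run() are hypothetical names.

class Vault:
    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.credit = {}   # internal ledger: amount owed to each depositor
        self.pool = 0      # funds the vault actually holds

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.credit.get(who, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.update_before_send:
            self.credit[who] = 0        # hardened: ledger updated first
        self.pool -= amount
        who.receive(self, amount)       # external call: recipient's code runs here
        if not self.update_before_send:
            self.credit[who] = 0        # flawed: ledger updated after the send

    def solvent(self):
        # Invariant a monitor or test can assert: holdings cover the ledger.
        return self.pool >= sum(self.credit.values())


class Recipient:
    """Recipient whose receive hook calls withdraw again, up to `reentries` times."""
    def __init__(self, reentries):
        self.reentries = reentries
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reentries > 0:
            self.reentries -= 1
            vault.withdraw(self)


def run(update_before_send):
    vault = Vault(update_before_send)
    vault.deposit("other investors", 90)
    caller = Recipient(reentries=3)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.pool, vault.solvent()
```

`run(False)` pays out the same 10-unit credit four times and leaves the vault unable to cover its ledger, while `run(True)` pays it once because the nested call sees a zero credit.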

The hack resulted in the proposal of a soft fork that would stop the stolen funds from being spent. However, this never took place after a bug was discovered within the implementation protocol. This opened up the possibility of a hard fork with wider-reaching implications.

The Hard Fork

A hard fork was proposed that would return all the Ether stolen from The DAO in the form of a refund smart contract. The new contract could only withdraw, and investors in The DAO could make refund requests for lost Ether. While it makes perfect sense to seek to reimburse the victims of the attack, the hard fork uncovered a number of arguments that are still prevalent in the world of cryptocurrency today.

Some opposed the hard fork and argued that the original statement of The DAO terms and conditions could never be changed. They also felt that the blockchain should be free from censorship and things that take place on the blockchain shouldn’t be changed even in the event of negative outcomes. Opponents of these arguments felt that the hacker could not be allowed to profit from his actions and that returning the funds would keep blockchain projects free from regulation and litigation. The hard fork also made sense as it only returned funds to the original investors and would also help to stabilize the price of Ether.

The Conclusion

The final decision was voted on and approved by Ether holders, with 89% voting for the hard fork. As a result, it took place on July 20 during the 1920000th block. The immediate result of this was the creation of Ethereum Classic (ETC), which shares all the data on the Ethereum blockchain up until block 1920000.

The creation of Ethereum Classic showed that hard forks were very much possible, and it can be said that the creation of the second Ethereum currency has had an influence on the creators of subsequent Bitcoin forks. It also became clear that while The DAO was a great idea, it was not implemented correctly, and in order to move forward successfully, blockchain projects would have to implement rigid security protocols.